Hacker racketeers

*What’s weird is when your brainy, twenty-something geek neighbor is hauled from his basement apartment by a truckload of feds, when he never showed a visible sign of harming so much as a fly. But, well, that credit-card ripoff went into somebody’s pockets. His. And boy do they ever make money, in the carder scene. They put a lot of hard-case career wise-guys to shame.

*RICO for hackers is another seismic shift in the legal world. “The penalties for RICO are severe, and include stiff incarceration and asset forfeiture provisions.” Boy, do they ever. You could lose everything you own just from talking to the carder genius there. The feds used to just grab computers, but once you’re RICO, they’re gonna grab everything down to the last Bitcoin.

*via SANS

TOP OF THE NEWS
–Guilty Verdict in RICO Cybercrime Case
(December 9, 2013)

A jury in Nevada found David Ray Camez guilty of federal racketeering
charges for his involvement with the Carder.su website. Camez’s defense
team concedes that he is a criminal – the RICO (Racketeering Influenced
Corrupt Organizations) charges were brought while he was already serving
a seven-year state sentence for fraud – but the conviction sets a
significant legal precedent. It marks the first conviction for RICO
violations involving cybercrime and it means that Camez can be held
legally responsible for all activity that took place on the website.

[Editor’s Note (Henry): I don’t have all the facts related to this
specific case, but this is an opportunity to raise the general merits
of RICO in cybercrime investigations. Under RICO, a person who has
committed at least two acts of racketeering activity (drawn from a list
of 35 crimes, if such acts are related to an “enterprise,”) can be
charged with racketeering.

This law has been incredibly successful for more than 40 years in
identifying, prosecuting, and dismantling organized crime groups in the
physical world. Many of the cybercrime organizations I’ve seen in the
FBI, primarily targeting the financial services and retail sectors,
resemble these physical-world OC groups in their structure and actions.
There are multiple co-conspirators, each actively participating in
various parts of the crime over a period of time, sharing the sizable
stolen proceeds. The penalties for RICO are severe, and include stiff
incarceration and asset forfeiture provisions. In my opinion, these are
the very type of costs necessary to help deter these prolific groups,
and bring some risk to an otherwise profitable and risk-free endeavor.
(Pescatore): Over the years, RICO has enabled broad seizure of convicted
criminals’ assets with tremendous impact on any who depended (often
unknowingly) on those assets for legitimate business purposes. A cloud
service provider that gets convicted under RICO charges could cause a
lot of loss of service to users of the service. Another good reason to
(a) vet your cloud service providers and (2) have business continuity,
backup/recovery, continuity of operations plans in place for all use of
external services, including cloud services.]